CVE-2007-5740: format string vulnerability

Bug #162543 reported by William Grant
Affects             Status        Importance  Assigned to      Milestone
perdition (Debian)  Fix Released  Unknown
perdition (Ubuntu)  Fix Released  High        Unassigned
  Dapper            Fix Released  High        Stephan Rügamer
  Edgy              Fix Released  High        Stephan Rügamer
  Feisty            Fix Released  High        Stephan Rügamer
  Gutsy             Fix Released  High        Stephan Rügamer
  Hardy             Fix Released  High        Unassigned

Bug Description

Binary package hint: perdition

Perdition IMAPD is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server. A successful exploit does not require prior authentication.

Hardy already has the fix, but all other releases are affected.

William Grant (wgrant)
Changed in perdition:
importance: Undecided → High
status: New → Confirmed
importance: Undecided → High
status: New → Fix Released
Changed in perdition:
status: Unknown → Fix Released
Stephan Rügamer (sruegamer) wrote :

working on it...

Changed in perdition:
assignee: nobody → shermann
status: Confirmed → In Progress
Stephan Rügamer (sruegamer) wrote :

ready for review

Kees Cook (kees) wrote :

These look great! Thanks, I've uploaded them to the security queue; they should be published shortly.

Changed in perdition:
status: In Progress → Fix Committed
Stephan Rügamer (sruegamer) wrote :

perdition (1.17-7ubuntu0.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: The format string protection
    mechanism in IMAPD for Perdition Mail Retrieval
    Proxy 1.17 and earlier allows remote attackers to
    execute arbitrary code via an IMAP tag with a null
    byte followed by a format string specifier,
    which is not counted by the mechanism.
  * perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
    (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
  * References:
    CVE-2007-5740
    https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
    http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

 -- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 13:44:43 +0100

Stephan Rügamer (sruegamer) wrote :

perdition (1.17-7ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: The format string protection
    mechanism in IMAPD for Perdition Mail Retrieval
    Proxy 1.17 and earlier allows remote attackers to
    execute arbitrary code via an IMAP tag with a null
    byte followed by a format string specifier,
    which is not counted by the mechanism.
  * perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
    (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
  * References:
    CVE-2007-5740
    https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
    http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

 -- Stephan Hermann <email address hidden> Wed, 14 Nov 2007 14:08:08 +0100
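
Added example (not part of the original bug report and not Perdition's code): a simplified C illustration of the flaw class the two changelog entries above describe, where a check that scans the tag as a C string stops at the NUL and never counts a specifier after it, shown next to a length-aware check and a response builder that only ever passes the tag as an argument. All function names and the sample tag bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: tag bytes with an embedded NUL, then a specifier. */
static const unsigned char SAMPLE_TAG[] = "a001\0%d";
#define SAMPLE_LEN (sizeof SAMPLE_TAG - 1) /* 7 bytes as received */

/* Flawed style: C-string scanning stops at the first NUL. */
size_t count_percent_cstr(const char *tag)
{
    size_t n = 0;
    for (const char *p = strchr(tag, '%'); p; p = strchr(p + 1, '%'))
        n++;
    return n;
}

/* Length-aware: inspects every byte that was received. */
size_t count_percent_len(const unsigned char *tag, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (tag[i] == '%');
    return n;
}

/* Allow-list in line with the RFC 3501 tag grammar, which excludes '%'. */
int tag_is_safe(const unsigned char *tag, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (tag[i] <= 0x20 || tag[i] >= 0x7f || strchr("%*(){\"\\+", tag[i]))
            return 0;
    return len > 0;
}

/* Hardened output: the tag is only ever an argument, never the format. */
int format_response(char *out, size_t outlen, const unsigned char *tag,
                    size_t len, const char *text)
{
    if (!tag_is_safe(tag, len))
        return -1;
    int n = snprintf(out, outlen, "%.*s %s\r\n", (int)len, (const char *)tag, text);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[64];
    return format_response(buf, sizeof buf, SAMPLE_TAG, SAMPLE_LEN, "OK") == -1 ? 0 : 1;
}
```

The C-string counter reports zero specifiers for the sample tag while the length-aware counter reports one; the validator rejects the tag outright because of the embedded NUL.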

Changed in perdition:
status: Fix Committed → Fix Released
Kees Cook (kees)
Changed in perdition:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
